From patchwork Thu Apr 11 13:48:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jeff King X-Patchwork-Id: 10896041 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AB0411515 for ; Thu, 11 Apr 2019 13:48:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9594428C7F for ; Thu, 11 Apr 2019 13:48:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8A6BA28D91; Thu, 11 Apr 2019 13:48:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0A29928C7F for ; Thu, 11 Apr 2019 13:48:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726723AbfDKNsT (ORCPT ); Thu, 11 Apr 2019 09:48:19 -0400 Received: from cloud.peff.net ([104.130.231.41]:54898 "HELO cloud.peff.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1726145AbfDKNsQ (ORCPT ); Thu, 11 Apr 2019 09:48:16 -0400 Received: (qmail 7126 invoked by uid 109); 11 Apr 2019 13:48:16 -0000 Received: from Unknown (HELO peff.net) (10.0.1.2) by cloud.peff.net (qpsmtpd/0.94) with SMTP; Thu, 11 Apr 2019 13:48:16 +0000 Authentication-Results: cloud.peff.net; auth=none Received: (qmail 27834 invoked by uid 111); 11 Apr 2019 13:48:45 -0000 Received: from sigill.intra.peff.net (HELO sigill.intra.peff.net) (10.0.0.7) by peff.net (qpsmtpd/0.94) with (ECDHE-RSA-AES256-GCM-SHA384 encrypted) SMTP; Thu, 11 Apr 2019 09:48:45 -0400 Authentication-Results: peff.net; auth=none Received: by sigill.intra.peff.net (sSMTP sendmail emulation); Thu, 11 Apr 2019 09:48:14 -0400 Date: Thu, 11 Apr 2019 09:48:14 -0400 From: Jeff King To: git@vger.kernel.org Cc: =?utf-8?b?546L5YGl5by6?= Subject: [PATCH 1/4] test-prio-queue: use xmalloc Message-ID: <20190411134814.GA9182@sigill.intra.peff.net> References: <20190411134736.GA28543@sigill.intra.peff.net> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20190411134736.GA28543@sigill.intra.peff.net> Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP test-prio-queue.c doesn't check the return value of malloc, and could segfault. It's unlikely for this to matter in practice; it's a small allocation, and this code isn't even installed alongside the rest of Git. But let's use xmalloc(), which makes auditing for other accidental uses of bare malloc() easier. Reported-by: 王健强 Signed-off-by: Jeff King --- t/helper/test-prio-queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/helper/test-prio-queue.c b/t/helper/test-prio-queue.c index 5bc9c46ea5..f4028442e3 100644 --- a/t/helper/test-prio-queue.c +++ b/t/helper/test-prio-queue.c @@ -40,7 +40,7 @@ int cmd__prio_queue(int argc, const char **argv) } else if (!strcmp(*argv, "stack")) { pq.compare = NULL; } else { - int *v = malloc(sizeof(*v)); + int *v = xmalloc(sizeof(*v)); *v = atoi(*argv); prio_queue_put(&pq, v); } From patchwork Thu Apr 11 13:48:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff King X-Patchwork-Id: 10896043 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0BF341515 for ; Thu, 11 Apr 2019 13:48:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EA0EA28C5A for ; Thu, 11 Apr 2019 13:48:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DE80828D6D; Thu, 11 Apr 2019 13:48:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9873828C66 for ; Thu, 11 Apr 2019 13:48:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726765AbfDKNsf (ORCPT ); Thu, 11 Apr 2019 09:48:35 -0400 Received: from cloud.peff.net ([104.130.231.41]:54906 "HELO cloud.peff.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1726711AbfDKNsf (ORCPT ); Thu, 11 Apr 2019 09:48:35 -0400 Received: (qmail 7135 invoked by uid 109); 11 Apr 2019 13:48:35 -0000 Received: from Unknown (HELO peff.net) (10.0.1.2) by cloud.peff.net (qpsmtpd/0.94) with SMTP; Thu, 11 Apr 2019 13:48:35 +0000 Authentication-Results: cloud.peff.net; auth=none Received: (qmail 27856 invoked by uid 111); 11 Apr 2019 13:49:03 -0000 Received: from sigill.intra.peff.net (HELO sigill.intra.peff.net) (10.0.0.7) by peff.net (qpsmtpd/0.94) with (ECDHE-RSA-AES256-GCM-SHA384 encrypted) SMTP; Thu, 11 Apr 2019 09:49:03 -0400 Authentication-Results: peff.net; auth=none Received: by sigill.intra.peff.net (sSMTP sendmail emulation); Thu, 11 Apr 2019 09:48:33 -0400 Date: Thu, 11 Apr 2019 09:48:33 -0400 From: Jeff King To: git@vger.kernel.org Cc: =?utf-8?b?546L5YGl5by6?= Subject: [PATCH 2/4] xdiff: use git-compat-util Message-ID: <20190411134832.GB9182@sigill.intra.peff.net> References: <20190411134736.GA28543@sigill.intra.peff.net> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20190411134736.GA28543@sigill.intra.peff.net> Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Since the xdiff library was not originally part of Git, it does its own system includes. Let's instead use git-compat-util, which has two benefits: 1. It adjusts for any system-specific quirks in how or what we should include (though xdiff's needs are light enough that this hasn't been a problem in the past). 2. It lets us use wrapper functions like xmalloc(). Signed-off-by: Jeff King --- xdiff/xinclude.h | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/xdiff/xinclude.h b/xdiff/xinclude.h index f35c4485df..a4285ac0eb 100644 --- a/xdiff/xinclude.h +++ b/xdiff/xinclude.h @@ -23,13 +23,7 @@ #if !defined(XINCLUDE_H) #define XINCLUDE_H -#include -#include -#include -#include -#include -#include - +#include "git-compat-util.h" #include "xmacros.h" #include "xdiff.h" #include "xtypes.h" From patchwork Thu Apr 11 13:49:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jeff King X-Patchwork-Id: 10896045 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 991E417E0 for ; Thu, 11 Apr 2019 13:49:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 81C6928D91 for ; Thu, 11 Apr 2019 13:49:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7665028DA0; Thu, 11 Apr 2019 13:49:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 18FC728DAD for ; Thu, 11 Apr 2019 13:49:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726805AbfDKNt1 (ORCPT ); Thu, 11 Apr 2019 09:49:27 -0400 Received: from cloud.peff.net ([104.130.231.41]:54922 "HELO cloud.peff.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1726630AbfDKNt1 (ORCPT ); Thu, 11 Apr 2019 09:49:27 -0400 Received: (qmail 7158 invoked by uid 109); 11 Apr 2019 13:49:27 -0000 Received: from Unknown (HELO peff.net) (10.0.1.2) by cloud.peff.net (qpsmtpd/0.94) with SMTP; Thu, 11 Apr 2019 13:49:27 +0000 Authentication-Results: cloud.peff.net; auth=none Received: (qmail 27924 invoked by uid 111); 11 Apr 2019 13:49:56 -0000 Received: from sigill.intra.peff.net (HELO sigill.intra.peff.net) (10.0.0.7) by peff.net (qpsmtpd/0.94) with (ECDHE-RSA-AES256-GCM-SHA384 encrypted) SMTP; Thu, 11 Apr 2019 09:49:56 -0400 Authentication-Results: peff.net; auth=none Received: by sigill.intra.peff.net (sSMTP sendmail emulation); Thu, 11 Apr 2019 09:49:25 -0400 Date: Thu, 11 Apr 2019 09:49:25 -0400 From: Jeff King To: git@vger.kernel.org Cc: =?utf-8?b?546L5YGl5by6?= Subject: [PATCH 3/4] xdiff: use xmalloc/xrealloc Message-ID: <20190411134925.GC9182@sigill.intra.peff.net> References: <20190411134736.GA28543@sigill.intra.peff.net> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20190411134736.GA28543@sigill.intra.peff.net> Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Most of xdiff uses a bare malloc() to allocate memory, and returns an error when we get NULL. However, there are a few spots which don't check the return value and may segfault, including at least xdl_merge() and xpatience.c's find_longest_common_sequence(). Let's use xmalloc() everywhere instead, so that we get a graceful die() for these cases, without having to do further auditing. This does mean the existing cases which check errors will now die() instead of returning an error up the stack. But: - that's how the rest of Git behaves already for malloc errors - all of the callers of xdi_diff(), etc, die upon seeing an error So while we might one day want to fully lib-ify the diff code and make it possible to use as part of a long-running process, we're not close to that now. And because we're just tweaking the xdl_malloc() macro here, we're not really moving ourselves any further away from that. We could, for example, simplify some of the functions which handle malloc() errors which can no longer occur. But that would probably be taking us in the wrong direction. This also makes our malloc handling more consistent with the rest of Git, including enforcing GIT_ALLOC_LIMIT and trying to reclaim pack memory when needed. Reported-by: 王健强 Signed-off-by: Jeff King --- xdiff/xdiff.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xdiff/xdiff.h b/xdiff/xdiff.h index b158369020..032e3a9f41 100644 --- a/xdiff/xdiff.h +++ b/xdiff/xdiff.h @@ -113,9 +113,9 @@ typedef struct s_bdiffparam { } bdiffparam_t; -#define xdl_malloc(x) malloc(x) +#define xdl_malloc(x) xmalloc(x) #define xdl_free(ptr) free(ptr) -#define xdl_realloc(ptr,x) realloc(ptr,x) +#define xdl_realloc(ptr,x) xrealloc(ptr,x) void *xdl_mmfile_first(mmfile_t *mmf, long *size); long xdl_mmfile_size(mmfile_t *mmf); From patchwork Thu Apr 11 13:49:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff King X-Patchwork-Id: 10896047 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 02798186E for ; Thu, 11 Apr 2019 13:50:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DDB2928802 for ; Thu, 11 Apr 2019 13:50:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DB66A28981; Thu, 11 Apr 2019 13:50:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 68E6A28802 for ; Thu, 11 Apr 2019 13:50:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726603AbfDKNt7 (ORCPT ); Thu, 11 Apr 2019 09:49:59 -0400 Received: from cloud.peff.net ([104.130.231.41]:54930 "HELO cloud.peff.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1726106AbfDKNt7 (ORCPT ); Thu, 11 Apr 2019 09:49:59 -0400 Received: (qmail 7172 invoked by uid 109); 11 Apr 2019 13:49:59 -0000 Received: from Unknown (HELO peff.net) (10.0.1.2) by cloud.peff.net (qpsmtpd/0.94) with SMTP; Thu, 11 Apr 2019 13:49:59 +0000 Authentication-Results: cloud.peff.net; auth=none Received: (qmail 27942 invoked by uid 111); 11 Apr 2019 13:50:28 -0000 Received: from sigill.intra.peff.net (HELO sigill.intra.peff.net) (10.0.0.7) by peff.net (qpsmtpd/0.94) with (ECDHE-RSA-AES256-GCM-SHA384 encrypted) SMTP; Thu, 11 Apr 2019 09:50:28 -0400 Authentication-Results: peff.net; auth=none Received: by sigill.intra.peff.net (sSMTP sendmail emulation); Thu, 11 Apr 2019 09:49:57 -0400 Date: Thu, 11 Apr 2019 09:49:57 -0400 From: Jeff King To: git@vger.kernel.org Cc: =?utf-8?b?546L5YGl5by6?= Subject: [PATCH 4/4] progress: use xmalloc/xcalloc Message-ID: <20190411134957.GD9182@sigill.intra.peff.net> References: <20190411134736.GA28543@sigill.intra.peff.net> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20190411134736.GA28543@sigill.intra.peff.net> Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Since the early days of Git, the progress code allocates its struct with a bare malloc(), not xmalloc(). If the allocation fails, we just avoid showing progress at all. While perhaps a noble goal not to fail the whole operation because of optional progress, in practice: 1. Any failure to allocate a few dozen bytes here means critical path allocations are likely to fail, too. 2. These days we use a strbuf for throughput progress (and there's a patch under discussion to do the same for non-throughput cases, too). And that uses xmalloc() under the hood, which means we'd still die on some allocation failures. Let's switch to xmalloc(). That makes us consistent with the rest of Git and makes it easier to audit for other (less careful) bare mallocs. Signed-off-by: Jeff King --- This one is obviously less urgent than the others in that it doesn't trigger a segfault. So this is purely cleanup. progress.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/progress.c b/progress.c index 5a99c9fbf0..699ac33c4f 100644 --- a/progress.c +++ b/progress.c @@ -139,12 +139,10 @@ void display_throughput(struct progress *progress, uint64_t total) now_ns = getnanotime(); if (!tp) { - progress->throughput = tp = calloc(1, sizeof(*tp)); - if (tp) { - tp->prev_total = tp->curr_total = total; - tp->prev_ns = now_ns; - strbuf_init(&tp->display, 0); - } + progress->throughput = tp = xcalloc(1, sizeof(*tp)); + tp->prev_total = tp->curr_total = total; + tp->prev_ns = now_ns; + strbuf_init(&tp->display, 0); return; } tp->curr_total = total; @@ -196,13 +194,7 @@ int display_progress(struct progress *progress, uint64_t n) static struct progress *start_progress_delay(const char *title, uint64_t total, unsigned delay) { - struct progress *progress = malloc(sizeof(*progress)); - if (!progress) { - /* unlikely, but here's a good fallback */ - fprintf(stderr, "%s...\n", title); - fflush(stderr); - return NULL; - } + struct progress *progress = xmalloc(sizeof(*progress)); progress->title = title; progress->total = total; progress->last_value = -1;